GovRAMP 2023: Top 10 Updates

On November 14, Leah McGrath, Executive Director of GovRAMP, presented the 2023 Staff Report to the Steering Committee. As we wrap up 2023, these Top 10 Updates serve as a reflection on the year and a glimpse into the future. Join us as we dive into the Top 10 GovRAMP updates going into the new year.

GovRAMP’s Top 10 Updates of 2023:

1. Office of the National Cybersecurity Director’s (ONCD) Request for Information on Opportunities for and Obstacles to Harmonizing Cybersecurity Regulations

The GovRAMP Staff collaborated with the GovRAMP Board to submit a response to the ONCD’s Request for Information (RFI) in October 2023.

2. Security Program Rev 5 Updates

GovRAMP prioritized updating our security framework from NIST 800-53 Rev. 4 to Rev. 5. This update brings the framework into close alignment with FedRAMP’s low and moderate impact baselines. The Rev. 5 policies and procedures will be updated on the GovRAMP website by early January. The GovRAMP Ready, Provisionally Authorized, and Authorized statuses will all be required to meet Rev. 5 requirements by October 1, 2024.

3. GovRAMP Security Snapshot Criteria and Scoring Update

Launched in January 2023, the GovRAMP Security Snapshot and Progressing Snapshot Program have become highly successful. In October 2023, the GovRAMP Standards and Technical Committee updated the criteria and scoring to align with NIST 800-53 Rev. 5 and the MITRE ATT&CK framework. The new criteria prioritize the highest-scoring MITRE ATT&CK threat controls, emphasizing best practices for improved security defense. The updated Security Snapshot criteria will be effective January 1, 2024.  

4. NASPO – GovRAMP Joint Procurement Task Force

GovRAMP and strategic partner NASPO have formed a joint Task Force to enhance best practice templates and solicitation/contract language. The Task Force plans to meet from October 2023 to March 2024 and will provide recommendations and findings to the Board and Steering Committee.

5. CJIS Task Force Set to Begin in 2024

The Standards and Technical leadership, in collaboration with FBI CJIS leadership, is initiating a GovRAMP CJIS Task Force. The objective is to unite State and Local Government stakeholders with FBI CJIS guidance to develop a GovRAMP overlay that aligns with CJIS requirements. Even though no CJIS certification exists, the CJIS-focused overlay aims to showcase a product’s potential for compliance. Obtaining GovRAMP Authorization with this overlay would be directional, and any CJIS compliance would still be determined by the appropriate agency personnel. The FBI CJIS team will serve as advisors. Outreach will begin this quarter, with the Task Force starting in Q1 of 2024.

6. TX-RAMP Partnership

TX-RAMP now recognizes GovRAMP Progressing Snapshot and GovRAMP Ready status for Provisionally Authorized Status with no expiration, a change from the usual 18-month limit. GovRAMP Authorized qualifies for full TX-RAMP compliance. Discussions with DIR are ongoing to update the TX-RAMP Program Manual for pathways to full TX-RAMP compliance through GovRAMP Ready and GovRAMP Provisionally Authorized. 

7. CISA Participation

GovRAMP is actively engaged in CISA’s Joint Cyber Defense Collaborative, contributing to the High-Risk Communities Protection Planning. We’ve collaborated with CISA to coauthor a blog on third-party risk management. Watch for its publication on the CISA site. Additionally, discussions are underway for GovRAMP to potentially join the CISA Supply Chain Task Force.

8. 2024 Events and Collaboration

GovRAMP’s 2024 events will kick off with the inaugural GovRAMP Cyber Summit in Indianapolis on September 12th. Additionally, there are plans for a Provider Leadership Council and Leadership Retreat on September 11th and 13th.

9. 2024 Membership Updates

The Board elected to move to Tiered Memberships for Providers, Consultants, and 3PAOs in 2024. This update will provide members with options for different levels of engagement with GovRAMP that will help support the organization long-term. Additionally, all members will move to the same annual renewal date of June 1. View a summary of the 2024 Membership Update (pdf).

10. ABA Model Procurement Code

GovRAMP presented at the GW Law Summer Series 2023 during the July webinar on Reforming the ABA Model Procurement Code (MPC). Our presentation highlighted GovRAMP’s role, its alignment with emerging state and local cybersecurity strategies, and our vision for key MPC areas. As a result, we were invited to speak in a law school class on a related topic and connected with key players in the MPC reform process. 

Reflecting on a Year of Achievements as We Head into 2024

GovRAMP has demonstrated a commitment to adaptation, collaboration, and education.

The non-profit prioritizes adapting to regulatory security changes, engaging successfully in partnerships, and organizing events that emphasize education. As we gain momentum heading into 2024, these principles show GovRAMP’s dedication to continue shaping the future of cybersecurity.
